ghostscript (SL7)

Synopsis: Important: ghostscript security and bug fix update Advisory ID: SLSA-2018:3761-1 Issue Date: 2018-12-04 CVE Numbers: CVE-2018-16863 — Security Fix(es): * ghostscript: incomplete fix for CVE-2018-16509 (CVE-2018-16863) Bug Fix(es): * Previously, the flushpage operator has been removed as part of … Read More

ruby (SL7)

Synopsis: Important: ruby security update Advisory ID: SLSA-2018:3738-1 Issue Date: 2018-11-30 CVE Numbers: CVE-2018-16395 — Security Fix(es): * ruby: OpenSSL::X509::Name equality check does not work correctly (CVE-2018-16395) — SL7 x86_64 ruby- ruby-debuginfo- ruby-debuginfo- ruby-libs- ruby-libs- rubygem-bigdecimal-1.2.0-34.el7_6.x86_64.rpm rubygem-io-console-0.4.2-34.el7_6.x86_64.rpm rubygem-json-1.7.7-34.el7_6.x86_64.rpm rubygem-psych-2.0.0-34.el7_6.x86_64.rpm ruby-devel- … Read More

kernel (SL7)

Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2018:3651-1 Issue Date: 2018-11-27 CVE Numbers: CVE-2018-14633 CVE-2018-14646 — Security Fix(es): * kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633) * kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() … Read More

NetworkManager (SL7)

Synopsis: Important: NetworkManager security update Advisory ID: SLSA-2018:3665-1 Issue Date: 2018-11-27 CVE Numbers: CVE-2018-15688 — Security Fix(es): * systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688) — SL7 x86_64 NetworkManager-1.12.0-8.el7_6.x86_64.rpm NetworkManager-adsl-1.12.0-8.el7_6.x86_64.rpm NetworkManager-bluetooth-1.12.0-8.el7_6.x86_64.rpm NetworkManager-debuginfo-1.12.0-8.el7_6.i686.rpm NetworkManager-debuginfo-1.12.0-8.el7_6.x86_64.rpm NetworkManager-glib-1.12.0-8.el7_6.i686.rpm NetworkManager-glib-1.12.0-8.el7_6.x86_64.rpm NetworkManager-libnm-1.12.0-8.el7_6.i686.rpm NetworkManager-libnm-1.12.0-8.el7_6.x86_64.rpm … Read More

ghostscript (SL7)

Synopsis: Important: ghostscript security update Advisory ID: SLSA-2018:3650-1 Issue Date: 2018-11-27 CVE Numbers: CVE-2018-15908 CVE-2018-16511 CVE-2018-15909 CVE-2018-16539 — Security Fix(es): * ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908) * ghostscript: shading_param incomplete type checking (699660) (CVE-2018-15909) * ghostscript: missing type … Read More

sos-collector (SL7)

Synopsis: Moderate: sos-collector security update Advisory ID: SLSA-2018:3663-1 Issue Date: 2018-11-27 CVE Numbers: CVE-2018-14650 — The following packages have been upgraded to a later upstream version: sos-collector (1.5). Security Fix(es): * sos-collector: incorrect permissions set on newly created files (CVE-2018-14650) … Read More

fuse (SL7)

Synopsis: Moderate: fuse security update Advisory ID: SLSA-2018:3324-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10906 — Security Fix(es): * fuse: bypass of the “user_allow_other” restriction when SELinux is active (CVE-2018-10906) — SL7 x86_64 fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm – … Read More

python-paramiko (SL7)

Synopsis: Critical: python-paramiko security update Advisory ID: SLSA-2018:3347-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-1000805 — Security Fix(es): * python-paramiko: Authentication bypass in (CVE-2018-1000805) — SL7 noarch python-paramiko-2.1.1-9.el7.noarch.rpm python-paramiko-doc-2.1.1-9.el7.noarch.rpm python-paramiko-2.1.1-9.el7.src.rpm – Scientific Linux Development Team

wget (SL7)

Synopsis: Moderate: wget security and bug fix update Advisory ID: SLSA-2018:3052-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0494 — Security Fix(es): * wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494) — SL7 x86_64 wget-1.14-18.el7.x86_64.rpm … Read More

ovmf (SL7)

Synopsis: Moderate: ovmf security, bug fix, and enhancement update Advisory ID: SLSA-2018:3090-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-0739 — Security Fix(es): * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) … Read More